1. Field of the Invention
The present invention relates to data generating method and apparatus. More specifically, my invention is primarily intended for generating random character sets which are both never repeating within certain period of time and difficult to guess.
2. Description of the Prior Art
Computers and the Internet have become a most significant part of modem communication. Remote access to data has become the essence of the Internet. In order to restrict access to data to authorized users and authorized users only, a lot of securities measure have been put into place. One of the most commonly used methods to secure data is to add a key to the data. The key performs two functions. One is to limit access to data to certain authorized users; the other is to keep track of the access to data by authorized users.
Various inventions have been made to generate these keys. U.S. Pat. No. 4,255,811, which issued to Adler, discloses a Key Controlled Block Cipher Cryptographic System. This invention provides a cryptographic system for encrypting a block of binary data under the control of a key consisting of a set of binary symbols. The cryptographic system may be utilized within a data processing environment to ensure complete privacy of data and information that is stored or processed within a computing system. All authorized subscribers who are permitted access to data within the network are assigned a unique key consisting of a combination of binary symbols. The central processing unit within the computing network contains a complete listing of all distributed authorized subscriber keys. All communications transmitted from terminal input are encrypted into a block cipher by use of the cryptographic system operating under the control of the subscriber key which is inputted to the terminal device. At the receiving station or central processing unit, an identical subscriber key which is obtained from internal tables stored within the computing system is used to decipher all received ciphered communications. It is a primary object of this invention to provide a cryptographic method and apparatus capable of maintaining a high degree of secrecy during the transmission or storage of binary data. It is a further object of the invention to provide such a cryptographic method and apparatus particularly suitable for use in information handling systems such as an electronic digital computer. It is a still further object of the invention to provide such a cryptographic method and apparatus which produces enciphered binary data blocks into a cipher text that is not susceptible to breaking by known cryptanalysis methods. It is another object of the invention to provide such a method and apparatus that operates on a block of data by developing a product cipher dependent upon a unique key which is known only to authorized users and to the system. It is a still further object of this invention to provide such a method and apparatus capable of enciphering a clear text message by means of a product cipher of successive blocks of said message, each product cipher comprising a plurality of linear and affined transformations which are a function of a unique subscriber key configuration, wherein each transformation utilizes a key input which is itself a subset or function of said key and further including a unique nonlinear transformation comprising addition-with-carry of a partially enciphered or deciphered block of data under control of said subscriber key. It is a further object of this invention to provide such a cryptographic system capable of maintaining privacy between any transmitting and receiving station in a communications network or between a plurality of terminals and a central processor including data banks of a computer system. It is yet another object of the invention to provide such a method and apparatus which may be utilized for both encryption and decryption with very slight modification.
U.S. Pat. No. 5,349,642, which issued to Kingdon, discloses a Method and Apparatus for Authentication of Client Server Communication. This invention provides a method and apparatus for message packet authentication to prevent the forging of message packets. After a message packet is created, a secret session key is preappended to the message, and a message digesting algorithm is executed on the altered message to create a message digest. A portion of the message digest, referred to as the signature, is then appended to the actual message when it is sent over the wire. The receiving station strips the signature from the message, preappends the same secret session key and creates its own message digest. The signature of the digest created by the receiving station is compared to the signature of the digest appended by the sending station. If there is a match, an authentic message is assumed. If there is no match, the message is considered as invalid and discarded. An advantage of this invention is that the session key is never transmitted over the wire. The receiving station (server) already has the key and uses the key along with the message data to recalculate the message digest upon receiving the packet. The shared secret key (session key) is generated during initiation of the NCP session. In addition, cumulative state information is maintained by both the sending station and the receiving station. This state information is also used to authenticate messages.
U.S. Pat. No. 5,633,931, which issued to Wright, discloses a Method and Apparatus for Calculating Message Signatures in Advance. This invention provides a method and apparatus for authenticating a message transmitted from a sender to a receiver, where the message is a response to a prior communication from the receiver to the sender, comprising the following steps. First, the sender generates a message signature at least partially derived from a message and a code held by both the sender and receiver. Second, the sender creates an appended message by combining the message signature to the message. Third, the sender sends the appended message to the receiver. Fourth, prior to receiving the message signature and message from the sender, the receiver generates a predicted message signature that is at least partially derived from an expected message from the sender to the receiver and a code held by both the sender and receiver. Fifth, the receiver receives the appended message transmitted by the sender. Sixth, the receiver compares the predicted message signature with the received message signature. Lastly, the receiver authenticates the message it received if the predicted message signature and the received message signature match. An object of this invention is to provide an improved means for preventing message packet forgery. Another object of this invention is to provide an improved message packet authentication means for preventing message packet forgery. Yet another object of this invention is to provide an improved message packet authentication means for preventing message packet forgery that reduces message authentication time. A further object of this invention is to provide an improved message packet authentication means for preventing message packet forgery that reduces overall message transaction time.
U.S. Pat. No. 5,892,827, which issued to Beach, discloses a Method and Apparatus for Generating Personal Identification Numbers for Use in Consumer Transactions. This invention resides in a method for assuring security of individually identifiable randomly numbered certificates is accomplished by printing an encoded self-validating PIN on each certificate. An encryption method permits the PIN to be deciphered when it is presented for redemption. The method enables a greater number of potential personal identification numbers, in the form of PINs, to be generated from a limited or fixed number of digits. The method includes the printing of an authorization code on the certificate, which code will subsequently be used to verify the validity of the award. Preferably, the method includes the generation, in real time at the point-of-sale in a retail store, of seemingly random authorization codes which will be subsequently used to verify the validity of the award as well as to provide information pertaining to the location of the printing of the authorization code on the certificate, which will also be subsequently used to verify the validity of the award. Briefly, and in general terns, the method of the invention comprises the steps of detecting the occurrence of an event that has been preselected to trigger the generation of a certificate of value for distribution to a customer of a retail store; generating a certificate of value in response to the detecting step; generating a unique and seemingly random authorization code at about the same time that the certificate is generated; and including the authorization code in the certificate. The certificate is self-validating and has no existence or value prior to its generation and there is, therefore, no requirement to keep an inventory of either certificates or authorization codes before their generation.
U.S. Pat. No. 5,913,217, which issued to Alger, discloses a Generating and Compressing Universally Unique Identifiers (UUIDS) Using Counter Having High-Order Bit to Low-Order Bit. This invention provides a computer-based method and system that reduces the overhead of storing object identifiers and reduces the chance of duplicate object identifiers being generated. The system generates counter-based identifiers rather than OSF-defined identifiers. To generate an identifier, the system increments a counter having bits that are ordered from a high-order bit to a low-order bit. The system sets a computer system identifier portion of contiguous bits of the identifier to identify the computer system that is generating the identifier. The system also sets a counter portion of contiguous bits of the identifier to the bits of the incremented counter. The system sets the bits of counter portion so that the bits of the counter portion that are closer to the bits of the computer system identifier portion are set to the higher-order bits of the counter. The counter-based object identifier has the advantage of being more efficiently compressed than the OSF-defined format. For example, since the high-order bits of the counter portion are closer to the node identifier portion, for object identifiers generated at the same computer system, the amount of contiguous information in two object identifiers that is redundant is increased. Compression techniques can reduce storage overhead by efficiently storing the redundant information. The system compresses a list of universally unique identifiers (UUIDs) by compactly representing redundant portions of the UUIDs. The system determines which portion of a selected UUID is redundant with a portion of a previously selected UUID. The system compresses a UUID by storing an indication of the portion of the selected UUID that is redundant and storing a remainder of the selected UUID that is not indicated as being redundant. When the redundant portions are contiguous and form either the prefix or the suffix of the UUIDs, one of many well known prefix or suffix compression algorithms can be used. In another aspect of this invention, the system compresses an object identifier by replacing a portion of the identifier with a short handle that specifies the bit that it replaces. The system generates a mapping of handles to values of a portion of object identifiers. To compress an object identifier, the system determines whether the value corresponding to the portion of the object identifier is in the generated mapping. When the value corresponding to the portion of the object identifier is in the generated mapping, the system sets a compressed form of the object identifier to a combination of the handle that maps to that value and of the remainder of the object identifier other than the value. To decompress a compressed object identifier, the system uses the handle to retrieve the bits for the portion from the mapping and adds the remainder.
U.S. Pat. No. 5,915,021, which issued to Herlin, discloses a Method for Secure Communications in a Telecommunications System. This invention provides a method for sending a secure message in a telecommunications system utilizing public encryption keys. All authentication parameters of each of the users, including each user's decryption key that is known only to the user, are used to verify, by public key methods, the identity of a user sending a communication to another user of the system. During the authentication process, an encryption key for use in communications between the two users may also be generated. The generated encryption key may be a private session key. Once the initial authentication is completed, the private session key can be used to perform encryption that is less computationally demanding than public key methods. In an embodiment of the invention, two communicating users may use the method to authenticate each other and generate an encryption key that is used to encrypt subsequent communications between the users. During the process of this embodiment, two encryption keys are generated. A first encryption key is used only in the authentication process, and, a second encryption key is used in both the authentication process and as the key for encrypting subsequent communications. Use of two encryption keys requires that each of the two users apply its decryption key to complete the authentication and encryption key agreement process successfully.
U.S. Pat. No. 5,963,646, which issued to Fielder, discloses a Secure Deterministic Encryption Key Generator System and Method. A method and system is disclosed for generating a deterministic but non-predictable symmetric encryption key which is highly resistant to cryptographic analysis or brute force attacks to discover the E-Key Seed of the encryption key generator. More particularly, the bits of a constant value or message are logically, cryptographically and/or algebraically combined with the bits of a secret plural bit sequence (E-Key Seed) to provide a bit-shuffling which results in the mapping of a large number of bits into a first pseudo-random number having fewer bits. The resulting bit sequence then is applied through a secure hash function for increased irreversibility. The message digest in turn may be truncated to a desired bit length to provide a repeatable, non-predictable but deterministic, and pseudo-random symmetric encryption key. In one aspect of the invention, the encryption key produced by the encryption key generator may be reproduced by applying same inputs to the generator. The need for key directories or key records thereby is obviated. In another aspect of the invention, attempts to discover the E-Key Seed of the encryption key generator through cryptographic analysis or brute force attacks is thwarted by having one input, the secret E-Key Seed, held in secret and consisting of a plural bit sequence of at least 224 bits, by algebraically combining the bits of the E-Key Seed and the constant value to provide a many-to-few bit mapping result as a pseudo-random input to the secure hash algorithm, and by applying the combination through a secure hash function which enhances the irreversibility of the pseudo-random encryption key output. In still another aspect of the invention, the E-Key Seed and constant value may be combined through a sequence of logic, algebraic, and/or cryptographic steps to provide an input to the secure hash function. In a further aspect of the invention, the E-Key Seed and constant value may be encrypted to provide an input to the secure hash function.
U.S. Pat. No. 5,982,892, which issued to Hicks, discloses a System and Method for Remote Authorization for Unlocking Electronic Data. The main components of the system of this invention include a product key generator, a user key generator, and a user key verifier. The product key generator is responsible for generating a signing key or keys, and a verification key or keys. The user key generator generates a unique user key(s) using a numeric representation(s) of identifying information relating to a user; such identifying information optionally may include licensing information containing terms of permitted use and the signing key(s). The user key verifier determines whether the user key matches the identifying information as a means for controlling the use mode of the software. This use of digital signatures to generate user keys is both novel and nonobvious over the prior art. This invention also includes a method for controlling unauthorized use of software distributed by a software vendor. The method begins by generating a verification key with a product key generator. The verification key includes a private signing key and a public verification key. The software and the verification key are combined to create distributable software which is distributed to a user. The user installs the software on a user computer system as protected software. To obtain a user key, the user inputs user identifying information which is sent to a user key generator. The user identifying information may include licensing information as well as information on the user, the user's computer system, etc. The user key generator converts the user identifying information to a numeric representation and then generates, by signing the numeric representation with the private signing key, a user key. The user key is conveyed to the user computer system. Using the verification key, a user key verifier verifies a relationship between the user key and the user identifying information to determine an access level to the protected software. A general object of the invention is software that executes a user key verifier at run-time to determine run-state as a means of protecting the software from unauthorized use. Another object of the invention is a user key verifier that uses a public key signature verification algorithm to determine the validity of a user key. An additional object of the invention is the use of digital signatures to generate user keys in a system for controlling unauthorized use of software distributed to users. A further object of the invention is a system using the presence of a valid digital signature on licensing information to determine a program's mode of execution.
U.S. Pat. No. 6,064,989, which issued to Cordery, discloses a Synchronization of Cryptographic Keys between Two Modules of a Distributed System. The invention provides an apparatus for synchronizing cryptographic keys. The apparatus comprises: a first module including a universal key; a second module including a unique identifier and a unique key wherein the unique key is derived from the unique identifier and the universal key and incorporated into the second module during manufacture of the second module. The second module is in communication with the first module. The apparatus further comprises a controller for performing the following subsequent to manufacture of the first module and the second module: initiating a communication session between the first module and the second module; transmitting the unique identifier from the second module to the first module; and deriving the unique key in the first module using the unique identifier and the universal key. In accomplishing this and other objects there is provided a method for synchronizing cryptographic keys between a first module and a second module, the second module in communication with the first module, the method comprising the step(s) of: storing a universal key in the first module; storing a unique identifier in the second module; storing a unique key in the second module during manufacture of the second module wherein the unique key is derived from the unique identifier and the universal key; initiating a communication session between the first module and the second module subsequent to manufacture of the first module and the second module; transmitting the unique identifier from the second module to the first module; and deriving the unique key in the first module using the unique identifier and the universal key so that the unique key exists in both the first module and the second module. Additionally, there is provided a method of manufacturing a postage evidencing system including a meter, a printer and a control means for synchronizing cryptographic keys between the meter and the printer.
U.S. Pat. No. 6,075,860, which issued to Ketcham, discloses an Apparatus and Method for Authentication and Encryption of a Remote Terminal over a Wireless Link. This invention provides a method and system for authenticating an authorized user of a remote terminal attempting to interconnect with a computer network over a wireless modem. An encrypted wireless communication channel is established between a remote terminal and a network server for facilitating the authentication process. An authorized user presents an authentication card containing credentials including a user identifier and an authentication encryption key to a remote terminal. The remote terminal establishes a wireless communication channel with a network server which provides a firewall between unauthenticated users and a computer network. The network server and the remote terminal then exchange encrypted information thus verifying the authenticity of each party. The remote terminal and the network server each independently generate a data encryption key for use in establishing a secure encrypted wireless communication channel therebetween. It is an object of this invention to authenticate an authorized user of a remote terminal in a computer network prior to permitting access of that authorized user to the computer network. It is another object of this invention to establish a secure authenticated wireless communication channel between an authorized user of a remote terminal and a computer network. It is yet another object of this invention to provide a system for authenticating an authorized user of a computer network prior to permitting access of the authorized user to the computer network. It is another object of this invention to provide a system for establishing an encrypted authenticated wireless communication channel between a remote terminal and a computer network.
U.S. Pat. No. 6,076,097, which issued to London, discloses a System and Method for Generating Random Numbers. This invention provides a system and method for generating random data without using devices such as gas discharge tubes, leaky capacitors, noise generators or keyboard strokes, and without occupying UNIX timers and/or signals. In accordance with this invention, a loop count is selected and counted. Random data is taken from the least significant (the most active, and therefore the most random) bits of the value of the elapsed time over which the loop was counted. This is completely different from Truerand, which sets the duration for which the loop counts, and then derives random data from the number of times the loop is counted over that set duration. This invention realizes a more efficient and quicker way of generating data that is at least as random as that generated by Truerand. The unpredictability of both this invention and Truerand is based upon the UNIX scheduler and the granularity of the system clock. However, whereas Truerand generates between 25 and 30 bytes of random data per second on a Sun Sparc-20 workstation, this invention generates around 2000 bytes of random data per second on the same platform. Data generated in accordance with this invention has 10 passed chi-squared and compression tests for randomness. This invention advantageously use the standard UNIX system call gettimeofday to determine the elapsed time over which the loop is counted, while Truerand uses the ITIMER.sub.—REAL timer and SIGALRM signal. The use of the UNIX timer and signal precludes their use in the rest of the application in which Truerand occurs, disadvantageously preventing the programmer from easily and simply employing these useful UNIX features elsewhere in the application. This invention advantageously allows the programmer to use the UNIX timer and signal elsewhere in the application. This invention provides a fast, efficient way to generate data proven to be random by chi-squared and compression tests. It does not rely on UNIX timers and signals, allowing these to be used elsewhere in the application that requires random data.
U.S. Pat. No. 6,084,877, which issued to Egbert, discloses a Network Switch Port Configured for Generating an Index Key for a network Switch Routing Table Using a Programmable Hash Function. According to one aspect of this invention, a method for determining a network switch output port for transmission of a data packet having an address received by a network switch input port includes generating a hash key in the network switch input port for the data packet based on the corresponding address, and supplying the hash key generated in the network switch input port to a rules checker configured for determining the output port in response to the supplied hash key. Generation of the hash key in the network switch input port eliminates the necessity in a rules checker of simultaneously generating hash keys for data packets received from multiple switch ports simultaneously. Moreover, the generation of the hash key in the network switch input port enables the hash key to be generated while the remaining portion of the data packet is received, minimizing delays in packet latency through the network switch. Another aspect of this invention provides a network switch configured for outputting a data packet, the network switch comprising a first programmable register for storing a first number specifying a user-specified hash function, and a plurality of network switch ports configured for sending and receiving data packets, each network switch port comprising a hash key generator configured for generating a hash key in response to a received address of a corresponding data packet according to the user-specified hash function, the hash key specifying a corresponding one of a plurality of table entries in a rules checker storing switching logic. The programmable register enables the hash key to be set by a user, enabling different hash key configurations for different network architectures. Moreover, the hash key generator in each network switch port optimizes the efficiency of the rules checker by generating the hash key for a corresponding data packet as the data packet is being received.
U.S. Pat. No. 6,085,323, which issued to Shimizu, discloses an Information Processing System Having Function of Securely Protecting Confidential Information. This information processing system includes a first information processing apparatus and a second information processing apparatus arranged separate from the first information processing apparatus and capable of exchanging a signal with the first information processing apparatus. The first information processing apparatus includes a first key generator for generating a first key, and a first encrypting unit for encrypting data using the first key generated by the first key generator to generate first encrypted information. The second information processing apparatus includes a second key storage unit for storing a second key, and a second encrypting unit for encrypting the first key using the second key stored in the second storage unit to generate second encrypted information. The first information processing apparatus further includes a correlation storage unit for storing the first encrypted information generated by the first encrypting unit and the second encrypted information generated by the second encrypting unit, the first encrypted information being correlated with the second encrypted information. It is an object of this invention to provide an information processing apparatus, an information processing system, an information processing method, a recording medium, and a key determination method and apparatus, which are capable of protecting confidential information stored in the apparatus even if the apparatus is stolen and disassembled. It is another object of this invention to provide an information processing apparatus, an information processing system, an information processing method, a recording medium, and a key determination method and apparatus, capable of storing data shared by a plurality of users in an efficiently and safely encrypted form.
U.S. Pat. No. 6,104,810, which issued to DeBellis, discloses a Pseudorandom Number Generator with Backup and Restoration Capacity. In accordance with the invention, pseudorandom numbers are generated in a cryptographic module in a cryptographically strong manner by concatenating a time-dependent value (generated by a real-time counter) with a secret value and passing the concatenation result through a one-way hash function to generate a hash value from which a random number is generated. Because of this strong one-way function, given the output and any portion of the input, the remaining portion of the input can be computed only by exhaustive search. Entropy is continually added to the system so that breaking one pseudorandom number reveals only those pseudorandom numbers generated before entropy has been added. Thus, the current secret value is continually updated whenever the cryptographic module is idle by a first feedback function that generates a first updated secret value as a one-way function of the current secret value and the current time-dependent value. In addition, the current secret value is updated on the occurrence of a predetermined external event by a second feedback function that generates a second updated secret value as a one-way function of the current secret value, the current time-dependent value and an externally supplied value. Upon power-on reset, if the pseudorandom number generator has not been previously initialized, it initializes itself by resetting the time-dependent and secret values to zero and resetting an initialization count to a predetermined positive value. The initialization count is decremented each time an external event causes the second feedback function to update the secret value; initialization is complete when the initialization count has been decremented to zero. If on power-on reset the pseudorandom number generator has been previously initialized, the current time-dependent and current secret values are restored using values stored in backup registers. In accordance with this invention, to provide integrity and secrecy and to avoid replay attacks, periodic backup of the hardware information to nonvolatile storage is coupled with additional appropriate feedback, update and restoration algorithms. Backup, rather than being direct, uses a hashing function that is different from the hashing function used for normal update. More particularly, while the current time-dependent value is used as backup time-dependent value, a hash of the current secret value that is different from either feedback function is used as a backup secret value. This minimizes the possibility that restoration will result in repetition of pseudorandom numbers. More particularly, one aspect of this invention contemplates a backup and restoration system for a cryptographic pseudorandom number generator in which a secret value is replaced with an updated secret value generated as a first function of the current secret value and a time-dependent value and a pseudorandom number is generated as a second function of the secret value and time-dependent value differing from the first function. In accordance with this aspect of the invention, rather than deriving a backup secret value directly from the current secret value, a backup secret value is generated as a third function of the secret value and time-dependent value differing from the first function. Another aspect of this invention contemplates a backup and restoration system for a cryptographic pseudorandom number generator in which a pseudorandom number is generated as a function of a secret value and a time-dependent value. In accordance with this aspect of the invention, at a predetermined time (as at power-on reset) the pseudorandom number generator determines whether the time-dependent value and the secret value have been previously initialized. If the time-dependent value and the secret value have not been previously initialized, then the pseudorandom number generator initializes these values. On the other hand, if the time-dependent value and the secret value have been previously initialized, the pseudorandom number generator restores these values from backup values rather than reinitializing them.
Although most of these inventions provide a method to generate a key for data in certain way, none of the inventions provide a method or apparatus for generating keys that are both never repeating within certain period of time and difficult to guess. The current invention is a method and apparatus for generating a group of character sets that are both never repeating within certain period of time and difficult to guess. These character sets can be used as keys to secure data against unauthorized access. The current invention is a product that helps make Web sites faster and more secure.
Most Web sites for on-line shopping uses a number similar to a social security number to identify a user or a user's online shopping cart. The problem of this practice is that if a hacker guesses the Customer ID, that hacker may have access to the data associated with the on-line transactions. The current invention uses a complex mathematical formula to create special groups of characters, called “bodacions”, that are too difficult for a hacker to guess. This makes the Web sites, and the customer's data, more secure. The current invention can also generate unique customer ID's, shopping cart ID's, order numbers, and other data that is both never repeating and difficult to guess.
Most types of communication can be classified as either “connection based” or “connectionless” systems. In a connection based system, the system maintains a persistent connection while the two end points are communicating back and forth in a conversation or session of some duration. The telephone system would be an example for a connection based system. When a caller place a call through the phone system, special digital and sometimes mechanical switches create a connection between the caller and a party that the caller is calling. In effect, the system emulates the presence of a wire between the caller and the party that the caller is calling.
In a connectionless system, the system breaks down communication to and from the communicating parties into discrete inbound and outbound transmissions. The Internet would be an example of a connectionless system. When a Web page with image A and image B is loaded, a Web browser may establish two connections to a server where image A and image B reside, one for each image. The server may have no idea that the two requests for image came from the same browser. The two requests for image A and image B, though seemingly part of the same Web page request, are actually two completely isolated conversations, and may take very different paths through Internet. Further more, a subsequent request for image C would be a brand new conversation, and the server would have no way to know that the request came from the same computer that just requested image A and image B.
Linking the requests together would involve the use of a unique session ID, which the two parties in a conversation must exchange upon each discrete connection. The use of session IDs allows a connectionless system to emulate a connection based system. These IDs can have many uses. These IDs can be used as customer number, order number, etc. By giving each customer and order a unique identifier, not unlike an ISBN for a book or a Social Security number for a person, the server can have knowledge of the identity of the customer upon each visit without a log in or authentication process. These IDs can also be used to insure a user has not modified data that are not authorized to be modified by the user from request to request. These IDs can also be used in secured remote access. If two parties can generate the same session ID at the same time, they can be assured of each other's identity. For example, if a server allows access to a resource by a certain client only at certain times, the client must send a session ID along with each request to access the server. If the client and server have the same session ID, the server may grant the client the access. There are countless other uses for unique session IDs, including keeping track of the time a user has been on a system, the number of accesses to that system from a single user, and more. Session IDs may also be hierarchical, providing a link between members of a group in connection based and connectionless systems alike. The uses are truly endless.
Systems that need to create session IDs face numerous significant challenges. These challenges can differ from system to system. First, it is difficult to guarantee the uniqueness of the session ID generated. For a session ID to be effective in linking discrete sections of a dialog in a connectionless system, the session ID for each dialog must be unique among all dialogs. For example, say a particular server assigns session IDs based on the time in seconds since the system began operation. If two users accessed the system within the same second, the server would think that these two users are actually the same user because same session ID has been assigned to these two different users. Depending on the complexity of the system and its user base, it can be difficult, if not impossible, to make a unique key from user data elements.
Second, it is difficult to defeat hackers. The guessing of session IDs by hackers, or computer bandits, is one of the most prolific methods used to break into systems. Session IDs created by even complex algorithms are simple to guess, and once a hacker has a session ID, it can assume any identity.
Third, it is computationally expensive to increase algorithm complexity. Some one to one hashing techniques and other methods of producing unique sessions are computationally expensive. A busy system may not have the computing resources to produce a session ID that is not simple to guess with some of these algorithms.
Fourth, it is impractical to adopt a pre-generated ID pool. To avoid the problems of uniqueness and CPU usage, some systems will pre-generate a list of session IDs and store them in a file or database. The trouble here is that all parts of the system that require a session ID will require access to that list of session IDs. When one ID issued, the system must lock the entire resource to be sure no two requests for an ID interfere with each other.
In view of all these problems, what is needed then is a method and apparatus for generating a group of character sets that are both never repeating within certain period of time and difficult to guess.
Accordingly, it is a principal object of my invention to provide a method and apparatus capable of fast generation of a group of character sets that are both never repeating within certain period of time and difficult to guess.
It is a further object of my invention to provide a method and apparatus capable of making web sites faster through its capability of fast generation of a group of character sets that are both never repeating within certain period of time and difficult to guess.
It is a still further object of my invention to provide a method and apparatus capable of making Web sites more secure through its capability of fast generation of a group of character sets that are both never repeating within certain period of time and difficult to guess.
It is a further object of my invention to provide a method and apparatus capable of allowing a connectionless system to emulate a connection based system.
It is a still further object of my invention to provide a method and apparatus capable of enabling a server to have knowledge of the identity of a customer upon each visit without a log in or authentication process.
It is a further object of my invention to provide a method and apparatus, which consumes little CPU resources, for generating a group of character sets that are both never repeating within certain period of time and difficult to guess.
It is a further object of my invention to provide a method and apparatus capable of generating a group of character sets, from a key in parallel, that are both never repeating within certain period of time and difficult to guess.
Other objects of my invention, as well as particular features, elements, and advantages thereof, will be elucidated in, or apparent from, the following description and the accompanying drawing figures.